Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Other available versions:

Versions 6 and 7 | Version 5 | Version 4Link: What version am I on?

Code42 Support

Alerts reference

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Other available versions:

Versions 6 and 7 | Version 5 | Version 4Link: What version am I on?

Overview

Code42 Alerts give you an overview of the different alerts and alert rules you have in your Code42 environment to let you know when important data may be leaving your company.

This article is a reference guide with detailed descriptions of each item in Code42's Alerts. For information on creating and configuring security alerts, see Create and manage alerts.

Considerations

Alerts

To view alert notifications:

  1. Sign in to the administration console.
  2. Select Alerts > Review Alerts

Review Alerts

Alert notifications appear on the Review Alerts tab when thresholds defined in alert rules are exceeded. 

Review Alerts tab of Alerts

Item Description
a Create Rule Creates a new rule to alert you when important data may be leaving your company.
b Review Alerts

Displays all of your alerts for the selected filters. 

c Manage Rules Displays all of the security alert rules that have been created. For more information, see Manage Rules below.
d Filter types

Filters your view of alerts by the following: 

 

Event

  • Date Observed - Date the alert was triggered
  • Username/Actor - Shows the the Code42 username or cloud service alias (actor) of the person who caused the event

Alert

The alert filters are based on options you selected or entered when creating the rule for the alert.

  • Severity - Low, Medium, or High
  • Rule Name
  • Description
  • Alert State (default filter) - Open or Dismissed
  • Alert ID - Used by Code42 to present filtered results from alert notification emails
e Operator

Search operator options vary based on search type.

  • Single value
    • Is: Returns alerts that match the criteria
    • Is not: Excludes alerts that match the criteria
    • Contains: Includes alerts that match the criteria.
    • Does not contain: Excludes alerts that match the criteria.
    • On: Returns alerts triggered on this date
    • On or after: Returns alerts triggered on or after this date
    • On or before: Returns alerts triggered on or before this date
    • Between: Returns alerts triggered between these dates
  • Multi-value (OR)
    • Is either: Returns alerts that match any item in the list of criteria. This filter is evaluated as though the "OR" operator exists between each value.
    • Is neither: Returns alerts that do not match the items included in the list of criteria.
f Criteria

Defines the criteria for the search.

 

For multi-value searches (Is either or Is neither), enter each value on a separate line. Do not enter a comma-separated list.

 

Wildcards are not supported.

g Remove filter Removes this filter.
h Add filter Adds another filter. Results only return events that match all filters.
i Select all Selects all alerts and presents an action button (Reopen or Dismiss). Perform the action to all selected alerts at once.
j Column sort Column sort icon Click the up arrow to sort results by this column in ascending order. Click the down arrow to sort in descending order.
k Actions

Use this column to dismiss or reopen alerts. 

  • Dismiss: Removes this individual alert from the list of open alerts. To stop all alerts for this specific activity, select the Manage Rules tab and disable the alert. 
  • Reopen: Adds this alert back to the list of open alerts on the Review Alerts tab.
l Expand/collapse alert details Details arrow Expands or collapses details for this alert. Includes file event information as well as the alert name and description.
m Alert details Displays the name of the alert and its description. 
n Exposure Type

Displays the type of exposure that triggered the alert. 

o Total File Size Displays the combined file size for the files impacted by the suspected exposure.
p Number of Files Displays the total number of files impacted by the suspected exposure.
q Time Range of Events Displays the time period in which the file activity occurred.
- File Categories
(Not shown in image)
Displays the file categories of the files identified by this alert (for example: Document, Spreadsheet, Image).
r Investigate in Forensic Search Click to see these files in Forensic Search.
s

Alerts per page

Select to display 10 or 25 alerts per page.

Manage Rules

Use the Manage Rules tab to view, edit, duplicate, and delete existing alert rules that trigger alert notifications.

To add or edit alert rules:

  1. Sign in to the administration console.
  2. Select Alerts > Manage Rules

Manage Rules tab of Alerts

Item Description
a Create Rule Creates a new rule that you can use to alert you when important data may be leaving your company.
b Review Alerts

Displays all of your alerts for the selected filters. For more information, see Review Alerts above.

c Manage Rules Displays all of the alert rules you have created. 
d Rule Name Name entered for the rule when it was created.
e Severity Severity of the alert that was selected when the rule was created.
f Created Date the rule was created.
g Last Modified Date the rule was last changed. 
h Enable

Click to enable or disable rules.

  • Enable: Allows the rule to notify of you of potential file exfiltration based on its settings. 
  • Disable: Stops the alert from firing for all users that were added to the rule. The alert will no longer generate new notifications on the Review Alerts tab.
i Column sort Hover over any column header to see the sort option. Click the up arrow to sort results by this column in ascending order. Click the down arrow to sort in descending order.
j Edit Click to edit an alert rule. For information on the values you can change, see Create and manage alerts.
k Actions Click to make a copy of an existing rule or to delete a rule.
l Departing Employees badge Indicates a rule that is created by default for departing employees when they are added to the Departing Employees application
m Locked settingLocked setting Indicates that you cannot enable or disable this alert here. This rule is for the Departing Employees application and can be enabled or disabled from Detection > Departing Employees > Alert Settings.
n Rules per page Select to display 5, 10, 25 rules per page.
o Pagination Click right and left arrows to scroll through pages of rules.